From 76ced5d6a65b6de035e17467721314e6eaeda806 Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan <Badhri@google.com> Date: Wed, 24 Jan 2018 15:43:56 -0800 Subject: [PATCH] Grant create_file_perms to hal_usb_gadget_server type=1400 audit(1516839845.731:13): avc: denied { unlink } for pid=800 comm="usb@1.1-service" name="UDC" dev="configfs" ino=27143 scontext=u:r:hal_usb_impl:s0 tcontext=u:object_r:configfs:s0 tclass=file permissive=0 avc: denied { unlink } for pid=800 comm="usb@1.1-service" name="UDC" dev="configfs" ino=27143 scontext=u:r:hal_usb_impl:s0 tcontext=u:object_r:configfs:s0 tclass=file permissive=0 Bug: 63669128 Change-Id: If193c88658ec9c72299beb717990ddb8211da9a5 --- public/hal_usb_gadget.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/hal_usb_gadget.te b/public/hal_usb_gadget.te index 16f4f0821..e412758a0 100644 --- a/public/hal_usb_gadget.te +++ b/public/hal_usb_gadget.te @@ -8,7 +8,7 @@ allow hal_usb_gadget_client hal_usb_gadget_hwservice:hwservice_manager find; # Configuring usb gadget functions allow hal_usb_gadget_server configfs:lnk_file { read create unlink}; allow hal_usb_gadget_server configfs:dir rw_dir_perms; -allow hal_usb_gadget_server configfs:file rw_file_perms; +allow hal_usb_gadget_server configfs:file create_file_perms; allow hal_usb_gadget_server functionfs:dir { read search }; allow hal_usb_gadget_server functionfs:file read; -- GitLab